Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6810b734 by Salvatore Bonaccorso at 2021-05-18T22:18:06+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2014,7 +2014,7 @@ CVE-2021-32240 CVE-2021-32239 RESERVED CVE-2021-32238 (Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Ove ...) - TODO: check + NOT-FOR-US: Epic Games / Psyonix Rocket League CVE-2021-32237 RESERVED CVE-2021-32236 @@ -3131,7 +3131,7 @@ CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 perform CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 ...) NOT-FOR-US: OpenDistro for Elasticsearch CVE-2021-31827 (In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vuln ...) - TODO: check + NOT-FOR-US: Progress MOVEit Transfer CVE-2021-31825 RESERVED CVE-2021-31824 @@ -12082,7 +12082,7 @@ CVE-2021-28043 CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Tra ...) NOT-FOR-US: Deutsche Post Mailoptimizer CVE-2021-3423 (Uncontrolled Search Path Element vulnerability in the openssl componen ...) - TODO: check + NOT-FOR-US: Bitdefender CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...) - openssh 1:8.4p1-5 (bug #984940) [buster] - openssh <not-affected> (Vulnerable code introduced later) @@ -50474,7 +50474,7 @@ CVE-2020-24742 CVE-2020-24741 RESERVED CVE-2020-24740 (An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerab ...) - TODO: check + NOT-FOR-US: Pluck CMS CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the background deleti ...) NOT-FOR-US: idreamsoft iCMS CVE-2020-24738 @@ -52073,7 +52073,7 @@ CVE-2020-24027 (In Live Networks, Inc., liblivemedia version 20200625, there is NOTE: Fixed in 2020.07.09 upstream, cf. NOTE: http://www.live555.com/liveMedia/public/changelog.txt CVE-2020-24026 (TinyShop, a free and open source mall based on RageFrame2, has a store ...) - TODO: check + NOT-FOR-US: TinyShop CVE-2020-24025 (Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when r ...) - node-node-sass <unfixed> [bullseye] - node-node-sass <ignored> (Minor issue) @@ -52441,9 +52441,9 @@ CVE-2020-23854 CVE-2020-23853 RESERVED CVE-2020-23852 (A heap based buffer overflow vulnerability exists in ffjpeg through 20 ...) - TODO: check + NOT-FOR-US: ffjpeg CVE-2020-23851 (A stack-based buffer overflow vulnerability exists in ffjpeg through 2 ...) - TODO: check + NOT-FOR-US: ffjpeg CVE-2020-23850 RESERVED CVE-2020-23849 (Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 ...) @@ -58248,7 +58248,7 @@ CVE-2020-20953 CVE-2020-20952 RESERVED CVE-2020-20951 (In Pluck-4.7.10-dev2 admin background, a remote command execution vuln ...) - TODO: check + NOT-FOR-US: Pluck CMS CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip L ...) NOT-FOR-US: Microchip Libraries for Applications CVE-2020-20949 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 crypt ...) @@ -59650,9 +59650,9 @@ CVE-2020-20256 CVE-2020-20255 RESERVED CVE-2020-20254 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...) - TODO: check + NOT-FOR-US: Mikrotik RouterOs CVE-2020-20253 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by ...) - TODO: check + NOT-FOR-US: Mikrotik RouterOs CVE-2020-20252 RESERVED CVE-2020-20251 @@ -59684,9 +59684,9 @@ CVE-2020-20239 CVE-2020-20238 RESERVED CVE-2020-20237 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...) - TODO: check + NOT-FOR-US: Mikrotik RouterOs CVE-2020-20236 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...) - TODO: check + NOT-FOR-US: Mikrotik RouterOs CVE-2020-20235 RESERVED CVE-2020-20234 @@ -59714,7 +59714,7 @@ CVE-2020-20224 CVE-2020-20223 RESERVED CVE-2020-20222 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...) - TODO: check + NOT-FOR-US: Mikrotik RouterOs CVE-2020-20221 RESERVED CVE-2020-20220 @@ -59730,7 +59730,7 @@ CVE-2020-20216 CVE-2020-20215 RESERVED CVE-2020-20214 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion fa ...) - TODO: check + NOT-FOR-US: Mikrotik RouterOs CVE-2020-20213 RESERVED CVE-2020-20212 @@ -63817,7 +63817,7 @@ CVE-2020-18180 CVE-2020-18179 RESERVED CVE-2020-18178 (Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit ...) - TODO: check + NOT-FOR-US: HongCMS CVE-2020-18177 RESERVED CVE-2020-18176 @@ -70545,7 +70545,7 @@ CVE-2020-15281 CVE-2020-15280 RESERVED CVE-2020-15279 (An Improper Access Control vulnerability in the logging component of B ...) - TODO: check + NOT-FOR-US: Bitdefender CVE-2020-15278 (Red Discord Bot before version 3.4.1 has an unauthorized privilege esc ...) NOT-FOR-US: Red Discord Bot CVE-2020-15277 (baserCMS before version 4.4.1 is affected by Remote Code Execution (RC ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6810b7344c62d5a163b1c86cb12980f553f06573 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6810b7344c62d5a163b1c86cb12980f553f06573 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits